CVE-2016-2570
Description
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.488
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Web proxy cache server (USN-3557-1) squid3_3.3.8-1ubuntu6.11_i386.deb | Linux |
| Web proxy cache server (USN-3557-1) squid3_3.3.8-1ubuntu6.11_amd64.deb | Linux |
| Web proxy cache server (USN-3557-1) squid3_3.5.12-1ubuntu7.5_all.deb | Linux |
| Web proxy cache server (USN-3557-1) squid3_3.5.23-5ubuntu1.1_all.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234